Managing recurring payments from mobile terminals

ABSTRACT

Equipment and methods for facilitating service provisioning in a system that include a payment processor, a number of service providers and a mediator that mediates information exchange between the payment processor and service providers, and a mobile terminal operated by payment card holder. In some disclosed embodiments, service provisioning can be facilitated in cases where the payment processor must reside in a strictly regulated Payment Card Industry (PCI) compliant environment and the service providers operate servers that are not PCI-compliant.

PARENT CASE INFORMATION

The present invention claims benefit from the following commonly ownedearlier applications: 1) Ser. No. 12/944,749, title “CommunicationMethod and System”, filed Nov. 12, 2010, claiming priority from FI20011680, filed Aug. 21, 2001; 2) Ser. No. 13/002,512, title “Method andSystem for Sending Messages”, filed Jul. 3, 2009, claiming priority fromF120085701, filed Jul. 4, 2008; 3) Ser. No. 13/074037, title“Authentication Method and System”, filed Mar. 29, 2011, claimingpriority from FI 20011680, filed Aug. 21, 2001; 4) Ser. No. 13/039338,title “Method and System for the Mass Sending of Messages”, filed Mar.3, 2011, claiming priority from FI 20051245, filed Dec. 2, 2005; 5) Ser.No. 12/972,610, title “Booking Method and System”, filed Dec. 20, 2010,claiming priority from FI 20011680, filed Aug. 21, 2001; 6) Ser. No.12/958,870, title “Communication Method and System”, filed Dec. 2, 2010,claiming priority from FI 20011680, filed Aug. 21, 2001; 7) Ser. No.12/401,392, title “Method and System for Delivery of Goods”, filed Mar.10, 2009; 8) Ser. No. 12/226,878, title “Method and System for CombiningText and Voice Messages in a Communications Dialogue”, filed Apr. 26,2007, claiming priority from FI 20060419, filed May 2, 2006; 9) Ser. No.12/226,876, title “Method and System for Combining Text and VoiceMessages in a Communications Dialogue”, filed Apr. 26, 2007, claimingpriority from FI 20060420, filed May 2, 2006; and 10) Serial number13/332409, title “Financial Fraud Prevention Method and System”, filed21 Dec. 2011. The entire contents of the above-identified parentapplications is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to telecommunications. In particular, theinvention relates to methods and systems for authentication and/orverification via telecommunications.

BACKGROUND OF THE INVENTION

Services that are booked or used via the Internet are constantlyincreasing. The Internet enables one to use several on-line servicessuch as services connected to banks, health services, travel agencies,vehicle maintenance, and so on.

The increasing popularity of mobile computing and communications devicesintroduce new challenges to services on the Internet. Mobile terminalsare able to deliver information to users when needed and where needed.Users want ubiquitous access to information and applications from thedevice at hand. They also want to access and update this informationwherever they happen to be.

It is important to notice, however, that not all the terminals will bemobile. Future services must be able to communicate with a large varietyof terminal devices, both those that are mobile and those that are not.Different terminal devices have very different capabilities.

Interoperability of different services and terminal devices requiresstandards on several levels. It is not enough to have, say, commoncommunication protocols. It would be very important to share commonconcepts and understanding what a certain piece of data means in acertain context. However, it has been very difficult to agree on thoseissues, as there exists an enormous number of companies, organizations,and other actors in the field.

Many services must be able to manage bookings. They include for examplebooking appointments for health services; booking travel reservationsfor hotels, airlines, and rental cars; booking tickets for venues;booking appointments for vehicle maintenance; booking maintenance forapartments; and so on. It would be very useful, if those services couldget information from one another. For example, if a customer is bookingtickets for a concert, he or she might want to book a table in arestaurant also. It helps, if the restaurant's booking service getsbasic information, like date and customer's name from the theater'sbooking system. Unfortunately, there have not been methods to exchangeinformation between different kinds of booking systems.

Additionally, such services as well as other services/companies such asbanks and credit card companies have long had the problem of verifyingthat the user attempting to make a reservation, booking or purchase isthe actual user that they claim to be. Similarly, customers would liketo know that the information that they are providing to theseservices/companies is going to the actual company and that theirinformation is secure. With identity fraud resulting from submittingpersonal information over the internet being a concern for many webusers there exists the need for a safer authentication alternative thancurrently exists.

Companies and organizations, such as software developers andpharmaceutical companies, have for a long time dealt with the problem ofpiracy. Not only are such entities harmed by lost sales from counterfeitgoods but consumers who unknowingly purchase counterfeit goods can beharmed by, for example, malware installed by hacked software or poorquality and mislabeled counterfeit drugs. Currently, such companies aretrying to develop methods in which the authenticity of their productscan be easily determined by their customers either prior to purchase orprior to use.

For services such as booking or calendar functions, information exchangeoften takes place as synchronizing booking or calendar entries. For thatpurpose, several important standardization efforts are going on. Forexample, SyncML is an industry initiative to develop and promote asingle, common data synchronization protocol.

vCalendar is an exchange format for personal scheduling information. Itis applicable to a wide variety of calendaring and scheduling productsand is useful in exchanging information across a broad range oftransport methods. A number of vendors have adopted the specificationbecause it allows their products to exchange calendaring and schedulinginformation. vCalendar is an open specification based on industrystandards such as the x/Open and XAPIA Calendaring and Scheduling API(CSA), the ISO 8601 international date and time standard and the relatedMIME email standards. The vCalendar format utilizes data normally storedwithin a calendaring and scheduling application, facilitating the crossplatform exchange of information about items such as events and to-do's.An event is a calendaring and scheduling entity that represents adesignated amount of time on a calendar. A to-do is a calendaring andscheduling entity that represents an action item or assignment. Forinstance, it may be an item of work assigned to an individual.

vCard automates the exchange of personal information typically found ona traditional business card. vCard is used in applications such asInternet mail, voice mail, Web browsers, telephony applications, callcenters, video conferencing, PIMs (Personal Information Managers), PDAs(Personal Data Assistants), pagers, fax, office equipment, and smartcards. In addition to text, vCard information may include elements likepictures, company logos, live Web addresses, and so on.

A common problem with all of these existing solutions is that they donot provide common semantics for different systems and the transfer ofinformation may not always be as secure, or at least perceived as secureby customers, as many customers wish. Another problem is that bookingsystems have multiple different and usually quite complex userinterfaces. If a customer wants to both make an appointment with adentist and book a taxi to take him or her there, the customer needs toenter all the booking information to both booking systems in differentways. While the dentist may have in place a secure method of makingreservations, authenticating the client who makes the reservation andreceiving payment for a booking, the taxi company may not.

Additionally, it becomes challenging to manage client replies forinstance when a client has been given a number of questions. Forexample, it makes sense to use SMS text messages to ask a client whichoption he or she chooses, because in many countries, like in Finland, itis very common to communicate with SMS text messages and they createrevenues to operators. However, if a client replies to several inquiriesby sending a number of text messages, it can be troublesome to find out,which answer corresponds to a certain question because the reply doesnot automatically include a reference to the question. Say, a serviceasks a client if they want to reserve, in addition to a flight ticket,also a taxi and a hotel room, and the client replies “yes” to onequestion but “no” to the other, the service does not necessarily knowwhich offer the client has accepted.

Other problems, such as clients not showing up for appointments, notusing a service more than once or long intervals between use of aservice can be addressed through the use of new systems and methods.

Accordingly, attempts to execute financial transactions wherein clientsutilize mobile terminals without additional proprietary software arehandicapped by limitations of current mobile communication protocols,such as the short message service (SMS). Notably, the SMS protocolprovides no standardized manner for authenticating mobile users ormanaging sessions. Lack of standardized authentication techniques leavessystems vulnerable to fraud, while lack of standardized sessionmanagement makes it difficult for service providers to keep track ofwhich of the clients' responses correspond to which questions from theservice provider. On the other hand, session management, fraudprevention and introduction of new services should not be overlycomplex.

SUMMARY OF THE INVENTION

It is an object of the present invention to alleviate one or more of theproblems identified above. Specifically, it is an object of the presentinvention to provide methods and equipment that provide improvementswith regard to one or more of session management, fraud prevention andsmooth introduction of services.

Embodiments of the invention can be utilized in a system that comprisesor supports one or more payment processor computers, one or more serviceprovider computers and one or more mediator servers. At least one ofeach computer or server coordinate to provide servers to user that is aholder of one or more payment cards. Some embodiments relate to thepayment processor computer, other embodiments relate to the mediatorserver, while yet further embodiments relate to the server providercomputers. It should be noted that while the user is a holder of one ormore payment cards, effecting payment does not always require use oreven possession of a physical card and mere information suffices in somecases, such as in online shopping. While this is convenient for honestuses, it opens possibilities for fraud.

For instance, one specific embodiment can be implemented as a method fora payment processor computer configured to manage transactions relatedto one or more services provided by one or more service providers andpayable by one or more payment cards. The method comprises performingthe following acts at the payment processor:

-   -   receiving a first request to authorize recurring payments        payable by a specific one of the one or more payment cards, the        first request globally identifying the specific payment card;    -   creating a token that identifies a specific one of the one or        more service providers, wherein the token fails to globally        identify the specific payment card but identifies the specific        payment card within payment cards issued to a holder of the        specific payment card;    -   sending the created token to a mediator server;    -   receiving from the mediator server an acceptance notification        indicating that the holder of the specific payment card has used        a mobile terminal via a mobile network to authorize recurring        payments to the specific service provider.

In another aspect, the invention can be implemented as a paymentprocessor computer configured to perform the acts specified above. Forinstance, the payment processor computer may be implemented as a servercomputer configured to communicate with the mediator server over atelecommunication network. The payment processor computer comprises amemory and one or more processing units. The memory stores programinstructions whose execution in the one or more processing units causesexecution of the acts specified in connection with the method. Forhigh-volume implementations, the payment processor computer may comprisemultiple processing units and load-balancing unit for distributingprocessing load among the multiple processing units.

In some implementations the payment processor computer complies withspecifications issued by Payment Card Industry (“PCI”) SecurityStandards Council, while the mediator server operates outside saidspecifications. This implementation facilitates introduction of newservices because transactions relating to the new services can bemanaged by the mediator server which does not have to comply with thePCI specifications.

For instance, the payment processor computer and mediator server mayprovide joint authentication of the holder of the payment cards. In oneimplementation, the holder of the payment cards is authenticated by thepayment processor computer using a first terminal and a first set ofauthentication information. The holder of the payment cards indicates asecond terminal also operated by the holder of the payment cards, andthe user of the second terminal is authenticated by using the secondterminal and a second set of authentication information. The firstrequest is received from a first terminal and indicates a secondterminal, wherein the first terminal and second terminal may share acommon physical device or reside in separate physical devices but thefirst terminal and second terminal use different authenticationinformation. In an illustrative but non-limiting example, the firstterminal is authenticated by using one or more of: a combination of useridentifier and password; a programmed microchip and a PIN code, whilethe second terminal may be authenticated by using a non-predictablereply address for sending a notification to the second terminal. If theuser of the second terminal has been able to respond to thenotification, this means that the second terminal has received thenotification from the mediator server. Otherwise the second terminal orits user could not know the non-predictable reply address. In view ofthe fact that the notification is sent to the second terminal which isidentified in the first request from the first terminal, any fraudulentaction is only possible if both the authentication information used fromthe first terminal and the second terminal are stolen before the theftis detected and the payment cards are suspended.

To facilitate use of services from a plurality of service providersoffering related services, the method of the payment processor computermay further comprise the following acts at the payment processorcomputer:

-   -   receiving a second request to authorize second recurring        payments to the second service provider, the second recurring        payments payable by a second payment card of the one or more        payment cards, wherein an association exists between services of        the first service provider and services of the second service        provider, and wherein the first and second payment cards may be        the same payment card or separate payment cards;    -   in response to the second request, using a mediator server to        obtain confirmation from the holder of the payment cards that        the second service provider may propose services to the holder        of the payment cards;    -   creating a token that identifies the second service provider,        wherein the token fails to globally identify the second payment        card but identifies the second payment card within payment cards        issued to a holder of the payment cards;    -   sending the created token to a mediator server;    -   receiving from the mediator server an acceptance notification        indicating that the holder of the specific payment card has used        a mobile terminal via a mobile network to authorize the second        recurring payments to the second service provider.

Another specific embodiment is a method for a mediator server configuredto manage transactions, which relate to one or more services provided byone or more service providers and are payable by one or more paymentcards. The method comprises performing the following acts at themediator server:

-   -   receiving, from a payment processor computer, a token that        identifies a specific one of the one or more service providers,        wherein the token fails to globally identify the specific        payment card but identifies the specific payment card within        payment cards issued to a holder of the specific payment card;    -   receiving, from the specific service provider, a proposal for a        service that incurs recurring payments payable by one or more        payment cards;    -   sending a notification to a mobile terminal operated by the        holder of the specific payment card, wherein the notification        identifies the proposal for the service that incurs recurring        payments, wherein the notification further identifies the        specific payment card within payment cards issued to the holder        of the specific payment card;    -   receiving, from the mobile terminal operated by the holder of        the specific payment card, an acceptance notification indicating        that the holder of the specific payment card has used the mobile        terminal via a mobile network to authorize recurring payments to        the specific service provider;    -   notifying the service provider and the payment processor        computer of the acceptance notification.

In another aspect, the invention can be implemented as a mediator serverconfigured to perform the acts specified above.

A still further embodiment can be implemented as a method comprisingperforming following acts at a service provider computer:

-   -   receiving information indicating that a holder of a specific        payment card may authorize recurring payments for one or more        services provided by a service provider in charge of the service        provider computer;    -   sending, to a mediator server, a proposal for a service that        incurs recurring payments payable by the specific payment card;    -   receiving from the mediator server an acceptance notification        indicating that the holder of the specific payment card has used        a mobile terminal via a mobile network to authorize recurring        payments to the specific service provider.

In another aspect, the invention can be implemented as a serviceprovider computer configured to perform the acts specified above.

BRIEF DESCRIPTION OF THE DRAWINGS

In the following section, specific embodiments of the invention will bedescribed in greater detail in connection with illustrative butnon-restrictive examples. A reference is made to the following drawings:

FIG. 1 shows a mediator that mediates services between a serviceprovider and a representative mobile terminal, wherein the service beingprovided is a booking service;

FIG. 2 shows a version of the mediator that is capable of servingmultiple service providers;

FIG. 3 represents a more detailed view of the system shown in FIG. 2;

FIGS. 4 and 5 are signaling diagrams depicting typical use cases in asystem as shown in FIGS. 1 through 3;

FIG. 6 shows an example of a dynamic dialog matrix being applied to aquery and reply;

FIG. 7 shows detailed phases of the booking process which is an exampleof a service offered by a service provider;

FIG. 8 shows an illustrative example of a dynamic dialog matrix;

FIG. 9A is a block diagram of a system configured to authorize paymentsfrom mobile terminals;

FIGS. 9B and 9C are signaling diagrams illustrating typical uses casesin the system shown in FIG. 9A; and

FIG. 10 schematically shows an exemplary block diagram for the variousinformation processing and/or mediating servers in the systemsde-scribed earlier.

DETAILED DESCRIPTION OF SOME SPECIFIC EMBODIMENTS

This detailed section begins with a description of session managementand authentication, with reference to FIGS. 1 through 8. It will beappreciated that the techniques for session management andauthentication, as described in connection with FIGS. 1 through 8, areapplicable to a wide range of services. For instance, FIGS. 9A through9C relate to provisioning of services in a system wherein payments areprocessed by a payment processor that needs to comply with a strict setof certification requirements. FIG. 10 relates to an exemplary hardwaredescription for the various servers and mediators.

The techniques disclosed herein can be used to provide a wide range offinancial services and transactions, including but not limited to:booking of a primary service; booking of a related service that relatesto the primary service; executing payment for the primary and/or relatedservices. An illustrative but non-exhaustive list of services includestransportation, accommodation, nutrition, entertainment, servicesrelating to health or appearances, consultation or other services. Fromthe point of view of the technical problems to be solved, namely sessionmanagement, authentication, fraud prevention and/or ease of serviceprovisioning, no distinction needs to be made between services andphysical objects. In other words, acquirement (eg purchase, loan, lease)of an object is an example of a service requested by a mobile user andoffered by a service provider.

The service providers are those with whom clients want to makeappointments, reservations, or other bookings and comprise the resourcesfor the booking system to allocate. Service providers conduct businessthrough service provider booking services. As used in this application,the mediator is a network based service available to the serviceprovider booking services over the network that provides additionalsemantics, translation and synchronization services needed forcommunication of the information needed for a client to complete atransaction with a service provider. The service provider bookingservices and the mediator are preferably applications operating onnetwork servers such as the Internet or a private intranet. In general,a system will comprise a plurality of service providers and serviceprovider booking systems (implementing service provider bookingservices), but it is possible to have a simple booking system for onlyone service provider in which case the mediator and service providercould be tightly integrated into a single application.

Clients preferably include clients communicating on mobile telephonescapable of receiving short text messages, such as Short Message Service(SMS) messages.

Of course, a system that is capable of handling SMS messages will alsohandle other clients with greater capabilities. In some implementationsthe mediator may communicate with mobile telephone clients through anSMS gateway. As is well known, SMS gateways are operated by mobilenetwork operators. The mediator communicates with clients using dialogs.In some implementations, the dialogs are short messages which presentinformation to the client and allow a simple reply. The dialogspreferably provide users with simple choices, such as a selectionbetween “yes” and “no”, or a simple selection from an ordered list.Dialogs can also be one way, such as an acknowledgment to a reservation.A transaction may typically involve a sequence of dialogs each involvinga simple response. Dialogs involve asynchronous communication bymessages. The system as described makes it possible to coordinatebookings among different service provider systems in order to fill aclients need, for example coordination of an airline booking withtransportation to the airport.

FIG. 1 is a diagram of a simple system, wherein reference numeral 100denotes a mediator, reference numeral 102 denotes a service provider'sbooking system, which is in communication connection with the mediator100 over a data network, such as the internet. Reference numeral 104denotes a user terminal having a dialog with the mediator 100 over amobile network. FIG. 2 shows a plurality of service provider bookingsystems communicating with a mediator over a network. FIG. 3 shows amediator 100 communicating with various service provider systems andusers with telephone devices communicating dialogs.

A reason-based customer dialog is a desirable improvement from theclient's point of view, because service providers can create their owndialogs for with each different kind of booking event. A dialog isclosely related to a certain booking situation. A dialog may becomeactivated automatically at the right moment, or the client can activatethe dialog as needed, or another entity in the system can send a messageto the dialog process of the mediator to activate the dialog. The dialogprocess then sends an inquiry to another entity in the system or informsthe client and possibly inquires client's choices. By means of this kindof dialog, the client can make reservations in several booking systemsusing only one user interface. The dialog process connects to remotebooking systems over an appropriate data network, such as the Internetor mobile networks.

A mediator service can be capable of transmitting booking informationbetween service provider booking systems. For example, after a bookingis entered into an airline booking system, a taxi booking system canoffer the client a lift to the airport. In this application, a bookingis an allocation of a single resource (either the airline booking or thetaxi in the previous example), while a reservation is the union of thebookings for all of the resources for the same event (the airlinebooking plus the taxi booking in the previous example). The dialogbetween the client, the mediator and the booking systems as well asstored customer profiles ensure that the client gets the reason-basedservice he or she needs, not intrusive advertising.

A client can make reservations as well as confirm, change, and cancelthem using many kinds of communication means, including but not limitedto the Internet, email, and mobile terminals. The client can alsosynchronize a calendar provided by the mediator or a service providerwith a calendar in a terminal device using mediator's synchronizationfunctions.

A service provider can remind clients to make reservations on a regularbasis and thus increase customer loyalty. A mediator can help serviceproviders to bring their booking systems together to provide morecomprehensive services without extending their businesses unnecessarily.Because of internationalization, the mediator is able to support forexample many languages, time zones, currencies, and data formats.

The system, including at least a mediator, a dialog process, a serviceprovider, and a service provider booking system, can be on one of thefollowing levels:

-   1. There is a predetermined set of dialogs in the system. Their    content and the possible choices are set in advance. For example, if    a client books a flight, a dialog always offers certain other    bookings. Client's prior actions are not taken into consideration.-   2. There is an unlimited number of dynamic or “intelligent” dialogs    that are based on, for instance, a profile that a client has created    himself or herself, usage history records, and client's location.    Simple logic supports decisions. It is a low-level expert system.-   3. The system is able to make decisions by itself and to support    client's decision making. On this level, a dialog process may    include a high-level expert system. It can act as an agent and    negotiate with several service providers to get the best offer    without client's direct involvement.

In one exemplary use case, a client books a service from a serviceprovider. The booking may be carried out using a terminal that isconnected to the mediator service. First, the client connects to themediator service using a dialog. The client inputs a reservation inquiryto the dialog process that sends the inquiry to the mediator. Themediator inquires possible reservations from the service provider'sinformation system using concepts and terminology that those servicesare able to interpret. The inquiry is based on client's preferences. Theclient discloses some preferences that are related to the specificbooking when they enter the reservation inquiry to the dialog. Inaddition, the dialog process and the mediator service may have stored aclient's general preferences and use them so that the client do not needto input all the preferences each time.

In some implementations, management of the inquiry and booking processesmay be based on sophisticated state models. Each booking processinvolves several phases that are described by states that track itsstatus through its life cycle. For example, when the mediator hasinquired about a reservation from a service provider, the correspondingentry in each system has a state that the booking is pending but notconfirmed. If the systems do not have common understanding what acertain state means, the mediator translates them. A preferred bookingprocess including the phases and states is described in Example 1.

In addition to inquiring reservations from the service provider, themediator is able to synchronize bookings in several service providers'systems. The synchronization is based on rules specified in the mediatorservice. For example, a rule can be that “if a client inquires bookingfor an airline ticket, inquire also bookings for taxis to the airport.”Therefore, an inquiry from the client may be multiplied in the mediatorservice resulting a number of inquiries. The service providers answer tothe mediator if they are able to provide requested service and they mayadd some additional information, like on seats or timing. The mediatorcombines gathered information and sends it to the dialog process thatshows a simple list of options to the client. For example, the dialogprocess may show three options for a flight and ask if the client alsowants to reserve a taxi that is actually already tentatively booked bythe mediator. The client makes his or her decision by choosing theoptions from the simple list of alternatives. The dialog process sendsinformation on the client's choice to the mediator that confirms thebookings in accordance with client's choices and cancels the unnecessaryreservations.

FIG. 4 shows a sequence diagram of an inquiry CINQ1 originated by aclient using a dialog DINQ1 sent to the mediator. The mediator initiatesthe inquiry MINQ1 which corresponds to CINQ1 and DINQ1 to booking system1 a service provider booking system. Ultimately an answer DANS1 getsback to the client offering a choice which is responded to with aselection CSEL1 resulting in a booking by the client on booking system1. The mediator recognizes the potential need for a complementaryservice from booking service 2 and initiates an inquiry, MINQ2, tobooking system 2, which ultimately results in a proposal includingseveral choices, DANS2, returned to the client from which a selection,CSEL2, is made, resulting in a complementary booking on booking system2.

The bookings can be done in other means as well, for instance, bycalling the service provider with a telephone or by visiting on site theservice provider's office. In that case the service provider may informthe mediator about client's bookings so that the mediator can inform theclient on other options. For example, a dentist could tell the mediatorthat the client has booked an appointment so that the mediator may offerto book a taxi also.

Also, it is possible to add a reminder to the mediator service so thatthe mediafor asks at certain time if the client wants to make a newbooking. For instance, the mediator can send a notice to the client thatit has been a year since the client last had an appointment with his orher dentist and ask if the client wants to make a new appointment. Thisnotice can already include a few options for the appointment. Themediator has checked the client's calendar if he or she has allowed thatso that the given options are convenient for the client. The dialogshows the options in a simple and handy way.

The client needs only to choose which option is the best for him or heror whether he or she wants to get new options or postpone the booking.FIG. 5 is a time sequence chart for a situation where the originalinquiry, MINQ1, was initiated by the mediator.

Example 1 An Exemplary Booking System

Referring now to FIG. 3, an exemplary environment in which the inventioncan be utilized for management of bookings will be described below. Inthe implementation currently described, the mediator 100 is designed tointerface with various service-specific systems generally denoted byreference numeral 122. These systems may be used to provide the services(including physical goods) described earlier. In a typicalimplementation, the mediator 100 interfaces to the service-specificsystems 122 over a data network such as the Internet. The mediator 100further interfaces to client terminals, such as mobile terminals capableof receiving text messages, over a mobile network. On a logical level,interfacing of the mediator 100 to the various service-specific systems122 and other parties may be accomplished by means of generic XMLdefinitions. For the exemplary case of managing of booking reservations,the mediator 100 may support vCard and vCalendar standards, since theyare used by many major booking and calendar systems.

In the presently-described implementation, the mediator 100 communicateswith the mobile terminals and their users using Short Message Service(SMS) via an SMS Gateway for asynchronous communication. The mediator100 may comprise a customer dialog process 124 configured to use DynamicDialog Matrix (DDM) technique, which may be used to facilitateauthentication and/or session management, as will be described in moredetail in connection with FIGS. 4 through 8.

A clear distinction needs to be made between the booking processes ofthe ultimate service providers and those of the mediator. The bookingprocesses of the ultimate service providers only cover normal bookingwith regard to time and resource reservation. The booking processes ofthe mediator comprise booking, work, and financing. Both processes leadto the same point. In a typical implementation, the process of themediator comprises seven phases as follows:

Phases (Status Handling)

The phases set up a coupling (analogous with a bond or rubber band)between the resources. In each phase of the mediator process, datarelated to the booking will be amended to reflect the needs of the phasein question. For the statuses and values please see the underneathtable. The phases are described in more detail in the followingdiscussion.

1. Filing

Filing means initialization of a mediator process and a booking process.As a result of the initialization an entry is inserted in the databasewith basic information. It will not appear in a calendar since there isno scheduling information. It can be displayed in a separate task listof the owner as an open task.

2. Requesting

In the Requesting phase a booking request is sent to the resourcesrequired for the previously filed task. Since there is no scheduling,which in most cases will be essential, this phase may be executedtogether with the Scheduling phase.

3. Scheduling

Schedule is given to the owner and the resources. As a part and a resultof the Scheduling the following data is needed:

a) suggested start-time (ISO time-stamp w/time zone)b) suggested start-location (coordinates)c) suggested end-time (ISO time-stamp w/time zone)d) suggested end-location (coordinates)

4. Confirming

Time and location as it is accepted by the resources that have accepted.Data related to this phase:

a) accepted start-time (ISO time-stamp w/time zone)b) accepted start-location (coordinates)c) accepted end-time (ISO time-stamp w/time zone)d) accepted end-location (coordinates)

By default the data is copied from the Requesting and/or Schedulingphases. In practice, if planned time is not needed, the same datastructures can be used for this and status indicates the actual meaningof the data.

5. Working

The resources perform the booked task. Data related to this phaseconsists of different attributes and their values, which are related tothe actual task. In addition, following static structures are needed:

a) actual start-time (ISO time-stamp w/time zone)b) actual start-location (coordinates)c) actual end-time (ISO time-stamp w/time zone)d) actual end-location (coordinates)e) products used, extras, mileage,

By default the data is copied from the Confirming phase.

6. Accounting

At this point all data stored in the data structures on previous phasesis analyzed and processed for invoicing purposes. Data related to thisphase: Accounting data. To be defined separately.

7. Completing

The task has been completed. As regards the mediator processes, it isirrelevant whether the task succeeds or not. Success or failure of thetask is relevant to the Accounting phase, in which the financial actionsto the organizer are handled. In this phase, housekeeping (databasecontents; temporary files, etc.) is performed in order to complete themediator process. The following table shows data available in eachphase. Booking phase is with “XX”.

Filing X XX Requesting X X XX Scheduling X X X XX Confirming X X X X XXWorking X X X X X XX Accounting X X X X X X Completing X X X X X X XPhase/Data Identifying Resources Suggested Accepted Task's AccountingClosing time time work related

Phases, Statuses, Values, and Transitions

The following table describes the phases, their statuses, and valuesalong with transition to next logical phase based on the values gotten.In addition, corresponding vCalendar statuses are shown when applicable.

Phase Status Next Phase vEvent vTodo Filing Requesting RequestingScheduling Sent Sent Scheduling Pending Confirming Needs Needs ActionAction Scheduling Scheduled Confirming Needs Needs Action ActionScheduling Re-scheduled Confirming Needs Needs Action Action ConfirmingAccepted Working Confirmed Accepted Confirming Declined AccountingDeclined Declined Confirming Tentative Accounting Tentative ConfirmingDelegated Requesting Delegated Delegated Confirming Re-schedulingAccounting or requested Scheduling Confirming InProgress Working WorkingInProgress Working Working Delayed Working Working Started WorkingWorking n % ready Working Working Ready Accounting Accounting CompletingCompleting <Copied from n/a phase before Accounting>

Internal phases Paused, Re-started, and Canceled act as follows for allrelevant phases at any point:

<Phase y> Paused <Status x> <Phase y> Re-started <Status x> <Phase y>Cancelled Accounting

FIG. 7 shows the work flow transitions from phase to phase. Forconditions, see the table above. Also, please note that Canceled Statusalways leads to accounting.

Confirming the (Whole) Reservation

In order for the whole Reservation to be successful, all resources,which accepted the reservation, need to have the same scheduling. Inaddition, there will resources in different roles and data related tothe working phase may vary greatly. The different statuses of the wholereservation are:

-   a) “NoReplies” (0) for “No-one hasn't replied to the request made by    the organizer”-   b) “NoDeclines” (1) for “Not all invitees have replied yet. The ones    who have replied have accepted”-   c) “AllAccepts” (2) for “all invitees have confirmed”-   d) “SomeDeclines” (3) for “Some of the invitees have declined”-   e) “AllDeclines” (4) for “All of the invitees have declined”.

The following decision table helps in evaluating the status of the wholebooking. “Maybe” means that this condition only does not incontestablyspecify true or false result.

Booking No one No one Some All No one Some Status/Confirmations answeredaccepted accepted accepted declined declined All declined NoReplies TrueMaybe Maybe NoDeclines True Maybe Maybe True True NoAccepts True TrueMaybe Maybe True AllAccepts True True Maybe SomeAccepts True Maybe MaybeMaybe AllDeclines Maybe True SomeDeclines Maybe Maybe True Maybe

Based on the information and decision table above theorganizer/application has to make the decision of what to do with thereservation. That can be an automatic decision made by the system basedon pre-set rules or made by the organizer manually.

FIG. 6 shows an example of the dynamic dialog matrix applied to a queryand reply. An application sends a service request to a user to amediator B. The mediator B picks up random B address from a group ofavailable B addresses wherein it can receive responses from the user.After defining the B address, the mediator B sends a query to user A,wherein the query may consist of a list of choices from which the user Amay select the reply. The user A receives the query in their terminaland sends a reply to that query to the B address. The mediator Breceives the user's reply in the B address. After receiving the replyfrom the user A, the mediator B processes the reply. First the mediatorB validates the A address (which is the user's address). In case the Aaddress does not correspond to the A address whereto the message wassent, the mediator B may inform the application that no response wasreceived. In case the A address corresponds to the A address to whichthe mediator B has sent a query, the mediator B verifies the B address(the reply address into which the reply was received). Correspondingly,in case the B address is not a valid B address for the user, themediator B may inform the application that no response was received. Incase also the B address corresponds to the B address that the messagewas sent from, the mediator B matches the reply C to the list ofavailable choices for that message. If the reply does not correspond tothe available list of choices, the mediator B may send an errorinformation to the application, or send a new query to the user A. Ifthe reply corresponds to the available list of choices that was sent tothe user, the mediator B sends a return service response to theapplication.

The system as described in connection with FIG. 6 may have a pluralityof B subscriber addresses, such as telephone numbers, wherefrom themediator B may select a subscriber number where the message to the userA is sent. Further, the user A preferably has a mobile telephone, havinga mobile subscriber number, whereto the message is sent, and wherefromthe user A may respond to the query. The messages to and from themediator B are sent over the telecommunication network.

A major problem solved by the dynamic dialog matrix is the challenge ofmanaging client replies, when a client has been given a number ofquestions and the client is using SMS text messages or similartechnology in which a reply does not automatically include an explicitreference to the inquiry. An inquiry always includes some kind ofreceiver's address or identification. In the SMS text message case thatis so called B subscriber's number. On the other hand, sender's Asubscriber's number or Calling Line Identity (CLI), or similaridentification is also attached to each text message. Therefore theclient or B subscriber is usually easily able to answer a message usingmobile device's answer or reply function. If a mediator service thatsends inquiries to a client, uses different A subscriber numbers indifferent inquires, it is possible to differentiate between answersbased on which number the client is sending replies to. For example, ifa mediator sends a client an inquiry “Do you also need a taxi?” using Asubscriber number A1 and then inquiries “Do you need a hotel room?” fromA subscriber number A2, client's reply to the first question goes tonumber A1 and the second answer goes to number A2. Using a dialogmatrix, a mediator keeps track on inquires and answers. In the matrix,there is a column for each client and a row for each A subscriber numberthe mediator is using. Obviously, there could be a row for each clientand correspondingly a column for each A subscriber number as well. Aftersending an inquiry from a certain A subscriber number to a client, thestatus and the reply is stored in the corresponding shell of the matrix.As a result, the mediator is able to find out whether the client hasreplied to a certain inquiry and what the answer was. Also, it ispossible to use the matrix to collect information about clients'behavior and use it for example for marketing purposes. A mediator needsonly a limited number of A subscriber numbers. A dialog matrix can alsobe used to find out which A subscriber numbers can be used when the nextinquiry to a certain client is sent.

The use of the Dynamic Dialog Matrix as described above is illustratedin FIG. 7. The Dynamic Dialog Matrix is also a powerful but very simplesecurity measure for authenticating a mobile phone user who has only thecapability of sending and, receiving messages. The problem is for aservice to confirm a sender's identity. One way to try to identify theuser is to check the sender's address. Normally SMS, e-mail, and otheralike messages have the sender's address attached. That address can befor example the sender's A-subscriber's number or Calling Line Identity(CLI), or e-mail address or IP address. However, it is quite easy tofalsify a sender address. From the service provider's perspective, thedownlink from a service provider to a user is usually relativelyreliable and it is hard for others to capture or change messages, butthe uplink from a user to a service provider is much more vulnerable andit is not too difficult to give a wrong sender's address. A well-knownsolution to the above problem is to use encryption technologies tosecure the communications, public-key infrastructures (PKI) being goodexamples. For instance, a user device can be equipped with a microchip,a secure SIM card in GSM devices for example, to encrypt messages usingthe user's private key. Then the service provider can be sure that themessage is from the user, if it can be decrypted using the user's publickey. However, this solution requires special devices that are not verycommon, inexpensive, or standardized so far. Relying on such a solutionrestricts the number of potential users significantly.

Using the DDM provides a novel solution. When the service sends arequest to the mobile phone user, each request contains a different,preferably randomly chosen, reply number. Thus an acceptable answer isonly the one that is sent to the correct reply address.

An example is for authenticating a user who is making a purchase, egpurchasing a software product “ABC”. The user first initiates a purchaserequest to the company/service, eg directly in the software program, viaan internet website or via a mobile device. The company/service thenknows the user name and possible other identification information andsends a request to a credit card company to request a payment. Thecredit card company then sends a request to a mediator to authenticatethe purchase. The mediator knows the user and the user's mobile numberand sends a message, eg SMS or MMS, to the user's known phone number. Anexample of a message could be:

-   -   “Dear Mr. Client, your credit card was used to purchase product        ABC on 27 Mar. 2010 for 299 euros. Please reply:    -   y—to accept the payment on VISA xxxx xxxx xxxx 123    -   n—to reject the payment or    -   f—to report a fraud on your credit card”.

By responding to the message from the known user's mobile number with anacceptable response allows the mediator to respond to the credit cardcompany if the user authorizes the purchase or not. Thereafter, thecredit card company may authorize the payment and inform thecompany/service. Additionally, if the mediator sends the message from arandomly chosen reply number as discussed above, there is an added layerof authentication. Because it is possible for a fraudulent user todetermine a credit card holder's mobile number and fake a message fromsaid number, it would be extremely improbable for them to know whichreply number the authentication message would originate from. The abovemay also be used, for example, with money transfers between a user'sbank and the company/service.

An additional element of safety and security can be achieved usingsemantic analysis. For example, if the user is asked to tell how manyitems are ordered, and the answer is “y” or “yes”, then apparently theuser did not know what the question was and the message was not ananswer for the enquiry.

Such a system can also provide a level of security for the user. Themediator can authenticate the company/service, by any acceptable method,and only send authentication messages once the company/service has beenauthenticated. Then, if the user does not provide their mobile numberwhen providing their identification information, when they get anauthentication message, even from a number they do not recognize, theywill know that the mediator has authenticated the company/service.

While the present example has been explained in terms of the mediatorsending the message, the message could be sent by a secondary entity atthe request of the mediator. For example, when the mediator receives arequest to authenticate a transaction, the mediator can then provide theuser's bank with the necessary transaction details and request that thebank send the necessary authentication method. Another example would beif the mediator sends a request to the bank for some of the user'sidentity information, eg mobile number, so that it can proceed withsending the actual request itself or through a tertiary service providerwhich handles the actual message sending.

Additionally, though the present example has been described with thetransaction being the purchase of a product and authentication of theuser for payment, the same system and similar method can be used forother transactions, such as the authentication of the purchased product.

The use of a Dynamic Dialog Matrix (DDM) allows for authentication andverification of products, services and transactions based on a pluralityof combinations of data. Based on as little as two pieces of informationfrom the DDM an entity can be verified. Based on more pieces ofinformation from the DDM, a higher degree of verification can beachieved.

A DDM which is being used for verification purposes can contain, or haveaccess to, multiple of some or all of the following: reply addressesused for sending messages, reply addresses for which messages arereceived, user addresses, questions, acceptable answers for questions,order of receiving answers and verification information (eg productkeys, ID codes). A key to the DDM is that it allows verification betweena company/service and a user through a mediator (and possibly throughanother party) by matching information that each entity knows and theothers should not know. Some examples are as follows:

If a user downloads a piece of software from the internet they want toknow that the software is legitimate, ie, not pirated or hacked, whilesoftware developers want to make sure that users are paying to activatetheir programs. Therefore, prior to use the user is requested to enter aproduct key. The user sends a message, eg SMS, to a number with aproduct ID code. If the ID code is valid and has not been previouslyregistered then the user receives a message with the product key.Therefore, the DDM matches the user entered product ID code with anindicator if it has been registered to verify if a product key should beissued. A similar process could work in conjunction with the paymentprocess described above. Once the purchase of the software isauthenticated as described above then an additional message can be sentto the user with the applicable product key. A similar method and systemcan be used to verify the legitimacy of virtually any product, such asmedicine or trademarked products. If the product has a code printed onthe packaging and a known number associated with the productsmanufacturer or verification then a consumer can send a message to theknown number with the product code to receive an indication if the codeis valid and if it has been previously checked. Benefits to this systemare that if pirated products do not have a code printed on the productor have an invalid code then the user will know right away.Additionally, if multiple users check the same code then the productmanufacturer or verifier can check in to if the code has been reproducedby a manufacture of a pirated product. A further benefit to the systemis that the product manufacturer can immediately send an inquiry back tothe user if the product is determined to be pirated or suspected ofpiracy. An inquiry may be to ask where/when the product was purchased,what the purchase price was and/or other information which can be usedto identify the entity responsible for the piracy or distribution ofpirated goods.

The process may also be such that the user sends a code to the knownnumber to receive information if the product is authentic or a pirateproduct. Thereafter, the manufacturer requests a further code or alikeinformation from the user. When using two pieces of information (andpossibly another sender identity than whereto the user sent the firstmessage) to authenticate the product, the level of security isincreased.

FIGS. 9A through 9C illustrate how an embodiment of the invention can beused to authorize recurring mobile payments. Specifically, FIG. 9A is ablock diagram of an embodiment of the invention, which can be used toauthorize mobile payments, while FIGS. 9B and 9C are signaling diagramillustrating series of events in the system shown in FIG. 9A.

As used herein, a mobile payment refers to a payment transactioneffected over a mobile network.

Some of the elements shown in FIG. 9A are located in a PCI-compliantenvironment 9-100, wherein “PCI” stands for Payment Card Industry.Compliance specifications for the PCI-compliant environment 9-100 arepublished by PCI Security Standards Council, currently on addresswww.pcisecuritystandards.org.

The elements in the PCI-compliant environment 9-100 include a paymentprocessor 9-200, its associated database 9-202 and at least one merchant9-250 as a legal entity. The database 9-202 stores general account andaddress information 9-210 on the users and merchants. While storing suchinformation is considered good housekeeping for auditing or the like, itis strictly speaking not essential for the present embodiment. Some ofthe merchants 9-250 operate respective online stores or serviceproviders 9-400, 9-401 through 9-40 n outside the PCI-compliantenvironment 9-100. When a representative service provider is discussed,reference numeral 9-400 is generally used, while reference numerals9-401 through 9-40 n may be used when individual service providers needto be referenced.

Other elements outside the PCI-compliant environment 9-100 include amediator 9-300 and a number of users, a representative one of whom isdenoted by reference number 9-600. The mediator 9-300 is a version ofthe mediators 100 described earlier, the present version being adaptedto mediate between entities both inside and outside the PCI-compliantenvironment 9-100.

In the present embodiment, the user 9-600 has multiple roles. Firstly,the user is a customer of the processor 9-200 and accordingly, a holderof one or more payment cards, one of which is denoted by referencenumeral 9-610. While reference numeral 9-610 denotes the payment card,reference numeral 9-612 denotes the information on the payment card9-610 that suffices to globally identify the payment card. In otherwords, knowledge of the complete information 9-612 enables anyone havingthat knowledge to make payments (honest or fraudulent) that may bechargeable to the holder of the payment card 9-610. The user 9-600 isalso a subscriber of a mobile access network 9-500 and a user of atleast one mobile terminal 9-620.

When the system according to FIG. 9 is put into use, the followingassumption and conditions are in force.

-   1. There is an initial trust relation between the payment processor    9-200 and mediator 9-300. For instance the trust relation may be    established by legal contracts signed between the operators (as    legal entities) of the processor 9-200 and mediator 9-300, and the    legal entities instruct the processor 9-200 and mediator 9-300 (as    network nodes) to trust each other. As used herein, an “initial    trust relation” may mean, for instance, the processor 9-200    authorized the mediator 9-300 to process transactions within a set    of initial limits. During operation of the system, the limits may be    increased.-   2. There is an initial trust relation between each service provider    9-401-9-40 n and the payment processor 9-200. There is also an    initial trust relation between each service provider 9-401-9-40 n    and the mediator 9-300.-   3. There is an initial trust relation between the payment processor    9-200 and the user 9-600 as a holder of one or more payment cards    9-610.-   4. There is an initial trust relation between the mediator 9-300 and    the user 9-600 as a mobile subscriber using mobile terminal 9-620.

The set of initial trust relations have a few gaps, however. Firstly,because the processor 9-200 must operate in the PCI-compliantenvironment 9-100, it is imperative that the complete credit cardinformation 9-612 (that is, information sufficient to make fraudulentpurchases) is not conveyed outside of the PCI-compliant environment.This means, for instance, that although the mediator 9-300 is trusted tomediate payment card transactions between service providers and mobileusers (as payment card holders), the mediator must be able to operatewithout information that globally identifies the users' payment cards.Furthermore, it is an open question what links each user's paymentcard(s) 9-610 and mobile terminal(s) 9-620.

It is another open question of how the various service providers 9-401through 9-40 n, or a subset of them providing mutually related services,can be authorized to offer services to a user 9-600 that has authorizedmobile transactions from one service provider.

An elementary use case involving an initial transaction to an individualservice provider will be described next, in connection with FIG. 9B. Instep 9-2 the user 9-600 performs a registration to the web site of theprocessor 9-200. In the registration, the user 9-600 authorizes anexemplary service provider 9-401 to offer services that may be chargedagainst the user's payment card 9-610. For instance, the registrationmay be performed over the internet by utilizing any internet-enabledterminal, which may or may not be the same terminal as the user's mobileterminal 9-620. In the registration, the user may be authenticated byutilizing bank authentication, for example. In some implementations, theinitial registration 9-2 may require bank authentication or some otherform of strong authentication, while subsequent uses, such asconfiguration changes, may require lesser authentication, such as a userID/password combination that is issued during the initial registration9-2.

The user effectively gives a permission for service provider 9-401 tooffer services to the user 9-600, by referencing the payment card 9-610.In step 9-4, the processor 9-200 stores information on the permissiongiven by the user 9-600. For instance, the processor 9-200 may store aninformation tuple 9-212 that comprises the user's true identity, mobileidentity, payment card number and the service provider's identity.Again, the information tuple 9-212 is considered good housekeeping forauditing purposes while, strictly speaking, it is not absolutelynecessary to effect payments.

In step 9-6 the processor 9-200 creates a “token” 9-214 that indicatesto the mediator 9-300 that the information tuple 9-212 has beenestablished. For the purposes of the present embodiment, the token 9-214is a filtered or reduced version of the information tuple 9-212 thatfully identifies the permission given by the user 9-600 to the serviceprovider. For instance, the full identification information 9-612 on theuser's payment card(s) may not be conveyed to entities outside thePCI-compliant environment. Instead of the full identificationinformation 9-612, the token 9-614 only contains sufficient informationto identify a specific payment card 9-610 to the user/card holder 9-600.In the present context, such information is shown as “PaymentCardREF” inthe drawings, as this information item enables the mediator to referencethe specific payment card 9-610 to the user/card holder 9-600. In theexample shown, the “PaymentCardREF” information item may have a value of“VISA 4567”, whereby it identifies the specific payment card among thepresent user's payment cards but fails to globally identify the paymentcard. In step 9-8, the processor 9-200 sends the token 9-214 to themediator 9-300.

In step 9-20, the service provider 9-401 detects an opportunity to senda service offer to the mobile terminal 9-620 of the user 9-600. Thereare many ways for the service provider 9-401 detect such an opportunity.For instance, service provider 9-401 may detect that the user is aboutto request or has requested some service(s) from the service provider,and the service provider may offer some related service(s) to the user.Alternatively or additionally, the user 9-600 may navigate to theservice provider's web site and request information on services, therebypermitting sending of service offers to the user's mobile terminal. Instep 9-22 the service provider 9-401 sends a service proposal to themediator 9-300. The service proposal 9-22 contains an identifier of thetoken 9-214 that was created in step 9-6. The service proposal 9-22further contains details of the offer, such as what is being offered andat what price, etc. In step 9-24 the mediator 9-300 reformats the offerand relays it to the user's mobile terminal 9-620. In addition to thedetails of the offer, the reformatted offer 9-24 contains the“PaymentCardREF” information item, which only identifies the paymentcard to the user/card holder 9-600 but fails to globally identify it.While the reformatted offer 9-24 is sent to the user's mobile terminal9-620, the service provider 9-401 does not have to send the mobile ID tothe mediator 9-300 because the mobile ID can be obtained from the token9-214 that was sent to the mediator in step 9-8.

In step 9-26 the user 9-600 responds from their mobile terminal 9-620.Assuming that the DDM technique described elsewhere in this patentspecification is used, the user 9-600 user only has to send a “Y” for“Yes” and anything else (including no response) for “No”, for example.Similarly, the offer may contain a list of choices (e.g. A, B, C, D)from which the user selects one by replying a “A” for choice A. Even ifmultiple service providers 9-401-9-40 n are sending multiple offerseach, the DDM technique keeps track of which response from the usercorresponds to which service offer from which service provider. In step9-28, the mediator 9-300 utilizes the DDM technique and therebyidentifies which service offer the user is responding to. In step 9-30the mediator 9-300 forwards the user's acceptance to the serviceprovider 9-401. In step 9-32 the mediator 9-300 conveys information onthe user's acceptance to the processor 9-200 for charging purposes. Inan alternative implementation, the service provider may notify thepayment processor. In some embodiments the step 9-32 may be executed bythe service provider 9-401 which conveys information on the user'sacceptance to the issuer 9-200 for charging purposes.

In step 9-34, the service provider may send a confirmation which,strictly speaking, is considered good manners and good housekeeping, butis not absolutely essential for providing the requested service.

While the above steps 9-2 through 9-34 suffice to establish recurringpayments in respect of one mobile user/terminal and one serviceprovider, there is a desire to facilitate combining service offeringsfrom multiple related service providers.

For instance, assume that the service provider 9-401 is an airlinecarrier. Under this assumption, the opportunity-detecting step 9-20 maybe implemented such that airline Carrier is an example of a merchant9-250 inside the PCI-compliant environment 9-100, and this entitynotifies the service provider 9-401, which is an example of an onlinestore outside the PCI-compliant environment 9-100.

In some use cases the airline carrier's online store may use theopportunity 9-20 to offer additional services, in which case thepayments may be processed as described in connection with FIG. 9B(initial preparatory steps 9-2 to 9-8, recurring steps 9-22 to 9-34). Inan illustrative but non-exhaustive example, the first service may be anairline ticket, while the additional services may include one or more ofa seat upgrade, user-selectable seat, shuttle service, or any additionalservice provided by the service provider 9-401 by using the tokencreated in steps 9-6 . . . 9-8.

In other use cases it may be desirable to offer services to a user 9-600from related service providers, wherein the mediator 9-300 has no tokenfor the combination of user and service provider. In such cases, anumber of issues should be resolved. For instance, which serviceproviders, related to the original service provider 9-401, should bepermitted to offer related services? As used herein, the originalservice provider means the service provider wherein the mediator has atoken for that service provider and the user. While useful informationon related services is often valuable to a customer, unreasonablespamming is not. Another open question is which entity shoulddiscriminate between service providers who may offer related services tothe user and service providers who may not. Yet another open questionwhich information is to be used and how in the discrimination betweenthe service providers.

In some implementations, the mediator 9-300 determines which relatedservice providers may send offers to the user 9-600, in a situationwherein a token exists for the user 9-600 and an original serviceprovider 9-401. In the present context, the original service providermeans the one from whom the user has requested one or more services.

There are many different techniques by which the mediator 9-300 maydetermine which related service providers may send related offers to theuser 9-600. For instance, the operators of the various service providers(as merchants/legal entities 9-250) may agree on a set of initial trustlevel and a set of initial rules, and these sets of rules are deliveredto the mediator. In a more ambitious implementation, the mediator 9-300may dynamically adjust the trust level and/or the rules. For instance,the mediator 9-300 may adjust the trust level and/or rules based onimplicit and/or explicit feedback from the users. In an illustrativeexample of implicit feedback, the mediator 9-300 monitors the acceptancerates of service offers from the service providers and increases ordecreases the trust level depending on whether the acceptance rate meetsor fails to meet some static or dynamic threshold value. A limitation ofthis technique is that the trust level of service providers is based onacceptance of the offer but the actual quality of the service is notevaluated. In an illustrative example of explicit feedback, the mediafor9-300 monitors feedback from the users, which is separate from theacceptance of service offers. Such separate feedback, which may beentered from the users' mobile terminals or web terminals, may take intoaccount the actual quality of the service.

Assuming that service provider 2, denoted by reference numeral 9-402, isone that meets the mediator-implemented criteria such that the serviceprovider 2 is permitted to send offers to the user 9-600 that hasalready accepted offers from service provider 1 (and creation of a tokenfor that service provider 1).

Referring now to FIG. 9C, steps 9-20 through 9-34 have already beendescribed in connection with FIG. 9B, and a duplicate description isomitted. The steps 9-20 through 9-34 are repeated in FIG. 9C for theuser's convenience, with abbreviated legends.

The second major section in FIG. 9C, namely steps 9-42 through 9-56,relate to creation of a token for recurring payments from the user 9-600to service provider 2, 9-402. What these steps accomplish, is largelyanalogous with creation of the token for recurring payments from theuser 9-600 to service provider 1, 9-402, that was described inconnection with FIG. 9B (see steps 9-2 through 9-8 for details). Theactual implementation is different, however. In the token-creation phaseof FIG. 9C, steps 9-42 . . . 9-56, it is not the user 9-600 who has theinitiative but the mediator 9-300. Accordingly, the user need notexplicitly register mobile payments for each individual serviceprovider. On the other hand, creation of the token for the user andservice provider 2 is not completely beyond the control of the usereither. In a preferred implementation, the user's permission to create atoken for related service providers is requested but inconvenience tothe user should be restricted to the minimum. Steps 9-42 through 9-56illustrate one way of accomplishing that.

As a result of step 9-26, the mediator 9-300 knows that the user 9-600has authorized mobile payments for services from service provider 1,9-401. The mediator 9-300 now uses this piece of information and, instep 9-42, prompts the processor 9-200 to request permission to create atoken for the combination of user 9-600 and service provider 2, 9-402.In step 9-44 the processor 9-200 requests permission from the user 9-600to create the token. In step 9-46 the mediator 9-300 relays the requestto the mobile terminal 9-620 of the user 9-600. In the present example,the user accepts the creation of the token and sends an affirmativeresponse (eg “Y”) in step 9-48. In step 9-50 the user's permission tocreate the token is conveyed to the processor 9-200, which creates arecord indicating the user's permission in step 9-52. In step 9-54 thepayment processor creates the actual token, which is sent to themediator in step 9-56. The three last steps of this phase, namely steps9-52 through 9-56 are similar to the respective steps 9-4 through 9-6 inwhich the first token was created in FIG. 9B.

The difference to steps 9-4 through 9-6 of FIG. 9B is that in FIG. 9Bthe user 9-600 does not have to initiate the token-creation process,authenticate him/herself, provide any details. Instead it is themediator that initiates the token-creation process, based on theknowledge that the user has requested service (and accepted charging)from service provider 1, for which the mediator is aware of relatedservice providers. The mediator does not have all the requiredinformation for the token-creation process, nor does it need to have.Instead, the mediator only needs to know that the a token for thecombination of the user 9-600 and service provider 2, 9-402 should becreated, or that permission for its creation should be requested fromthe user. The remaining details for the user's permission and token,most notably the payment card identification information 9-612, areknown by the processor 9-200.

It is also worth noting here that the user needs to authenticatehim/herself and/or specify which offers from multiple simultaneousservice offers from one or more service providers are accepted and whichare declined. It is possible to utilize the DDM technique describedearlier in this patent specification to provide authentication and/ormatching user responses to service offerings. In some implementationsthe DDM technique may be omitted, at least for low-valued transactionsand/or in connection with users with good history.

As a result of the token-creation process that was notified to themediator in step 9-56, service provider 2, 9-402 is now notified of thecreation of the token. This notification step 9-58 deliberately leavesopen the question of which entity sends the notification. Depending onimplementation, the notification can be sent from the processor 9-200 ormediator 9-300 as they both have the same information available.

Steps 9-62 through 9-74, in which the service provider 2, 9-402 sends anoffer to the user 9-600 and the user accepts, are analogous with therespective steps 9-22 through 9-34, the sole difference being theservice provider. In the first case (steps 9-22 through 9-34) it wasservice provider 1, while in the latter case (steps 9-62 through 9-74)it was service provider 2.

FIG. 10 schematically shows an exemplary block diagram for the variousinformation processing and/or mediating servers in the systems describedearlier. For instance, such a server architecture, generally denoted byreference numeral 10-100, can be used to implement the mediators 100and/or the servers for the service-specific systems 122, an example ofwhich is the booking system 102. The two major functional blocks of thedatabase server system SS are a server computer 10-100 and a storagesystem 10-190. The server computer 10-100 comprises one or more centralprocessing units CP1 . . . CPn, generally denoted by reference numeral10-110. Embodiments comprising multiple processing units 10-110 arepreferably provided with a load balancing unit 10-115 that balancesprocessing load among the multiple processing units 10-110. The multipleprocessing units 10-110 may be implemented as separate processorcomponents or as physical processor cores or virtual processors within asingle component case. The server computer 10-100 further comprises anetwork interface 10-120 for communicating with various data networks,which are generally denoted by reference sign DN. The data networks DNmay include local-area networks, such as an Ethernet network, and/orwide-area networks, such as the internet. Assuming that the servercomputer 10-100 acts as a mediator 100, it may serve one or moreservice-specific systems 122 via the data networks DN. Reference numeral10-125 denotes a mobile network interface, through which the servercomputer 10-100 may communicate with various access networks AN, whichin turn serve the mobile terminals MT used by end users or clients.

The server computer 10-100 of the present embodiment may also comprise alocal user interface 10-140. Depending on implementation, the userinterface 10-140 may comprise local input-output circuitry for a localuser interface, such as a keyboard, mouse and display (not shown).Alternatively or additionally, management of the server computer 10-100may be implemented remotely, by utilizing the network interface 10-120and any internet-enabled terminal that provides a user interface. Thenature of the user interface depends on which kind of computer is usedto implement the server computer 10-100. If the server computer 10-100is a dedicated computer, it may not need a local user interface, and theserver computer 10-100 may be managed remotely, such as from a webbrowser over the internet, for example. Such remote management may beaccomplished via the same network interface 10-120 that the servercomputer utilizes for traffic between itself and the client terminals.

The server computer 10-100 also comprises memory 10-150 for storingprogram instructions, operating parameters and variables. Referencenumeral 10-160 denotes a program suite for the server computer 10-100.

The server computer 10-100 also comprises circuitry for various clocks,interrupts and the like, and these are generally depicted by referencenumeral 10-130. The server computer 10-100 further comprises a storageinterface 10-145 to the storage system 10-190. When the server computer10-100 is switched off, the storage system 10-190 may store the softwarethat implements the processing functions, and on power-up, the softwareis read into semiconductor memory 10-150. The storage system 10-190 alsoretains operating and variables over power-off periods. In large-volumeimplementations, that is, implementations wherein a single servercomputer 10-100 serves a large number of clients via respective mobileterminals MT, the storage system 10-190 may be used to store the dynamicdialog matrices associated with the clients and mobile terminals MT. Thevarious elements 10-110 through 10-150 intercommunicate via a bus10-105, which carries address signals, data signals and control signals,as is well known to those skilled in the art.

The inventive techniques may be implemented in the server computer10-100 as follows. The program suite 10-160 comprises program codeinstructions for instructing the set of processors 10-110 to execute thefunctions of the inventive method, wherein the functions includeperforming the service provisioning and/or mediator features accordingto the invention and/or its embodiments.

1. A method comprising performing following acts at a payment processorcomputer configured to manage transactions related to one or moreservices provided by one or more service providers and payable by one ormore payment cards: receiving a first request to authorize recurringpayments payable by a specific one of the one or more payment cards, thefirst request globally identifying the specific payment card; creating atoken that identifies a specific one of the one or more serviceproviders, wherein the token fails to globally identify the specificpayment card but identifies the specific payment card within paymentcards issued to a holder of the specific payment card; sending thecreated token to a mediator server; receiving from the mediator serveran acceptance notification indicating that the holder of the specificpayment card has used a mobile terminal via a mobile network toauthorize recurring payments to the specific service provider.
 2. Themethod according to claim 1, wherein the payment processor computercauses the mediator server to use the token to query if the holder ofthe specific payment wishes to authorize recurring payments to thespecific service provider.
 3. The method according to claim 1, whereinthe payment processor computer complies with specifications issued byPayment Card Industry Security Standards Council, while the mediatorserver operates outside said specifications.
 4. The method according toclaim 1, wherein the first request is received from a first terminal andindicates a second terminal, wherein the first terminal and secondterminal use different authentication information regardless of whetherthe first terminal and second terminal reside in separate physicaldevices or share a common physical device.
 5. The method according toclaim 1, wherein the one or more service providers comprise a firstservice provider and a second service provider, the method furthercomprising following acts at the payment processor computer: receiving asecond request to authorize second recurring payments to the secondservice provider, the second recurring payments payable by a secondpayment card of the one or more payment cards, wherein an associationexists between services of the first service provider and services ofthe second service provider, and wherein the first and second paymentcards may be the same payment card or separate payment cards; inresponse to the second request, using a mediator server to obtainconfirmation from the holder of the payment cards that the secondservice provider may propose services to the holder of the paymentcards; creating a token that identifies the second service provider,wherein the token fails to globally identify the second payment card butidentifies the second payment card within payment cards issued to aholder of the payment cards; sending the created token to a mediatorserver; receiving from the mediator server an acceptance notificationindicating that the holder of the specific payment card has used amobile terminal via a mobile network to authorize the second recurringpayments to the second service provider.
 6. A method comprisingperforming following acts at a mediator server configured to managetransactions, which relate to one or more services provided by one ormore service providers and are payable by one or more payment cards:receiving, from a payment processor computer, a token that identifies aspecific one of the one or more service providers, wherein the tokenfails to globally identify the specific payment card but identifies thespecific payment card within payment cards issued to a holder of thespecific payment card; receiving, from the specific service provider, aproposal for a service that incurs recurring payments payable by one ormore payment cards; sending a notification to a mobile terminal operatedby the holder of the specific payment card, wherein the notificationidentifies the proposal for the service that incurs recurring payments,wherein the notification further identifies the specific payment cardwithin payment cards issued to the holder of the specific payment card;receiving, from the mobile terminal operated by the holder of thespecific payment card, an acceptance notification indicating that theholder of the specific payment card has used the mobile terminal via amobile network to authorize recurring payments to the specific serviceprovider; notifying the service provider and the payment processorcomputer of the acceptance notification.
 7. The method according toclaim 6, wherein the one or more service providers comprise a firstservice provider and a second service provider, the method furthercomprising following acts at the mediator server: sending a request tothe mobile terminal operated by the holder of the specific payment card,the request requesting permission to authorize second recurring paymentsto the second service provider, the second recurring payments payable bya second payment card of the one or more payment cards, wherein anassociation exists between services of the first service provider andservices of the second service provider, and wherein the first andsecond payment cards may be the same payment card or separate paymentcards; receiving confirmation from the mobile terminal operated by theholder of the payment cards that the second service provider may proposeservices to the holder of the payment cards; relaying said confirmationto a payment processor computer; receiving from the payment processorcomputer a second token and storing the second token, wherein the secondtoken identifies the second service provider, wherein the second tokenfails to globally identify the second payment card but identifies thesecond payment card within payment cards issued to a holder of thepayment cards.
 8. The method according to claim 6, wherein the mediatorserver authenticates the mobile terminal operated by the holder of thespecific payment card by using a non-predictable reply address forsending the notification.
 9. The method according to claim 6, whereinthe mediator server uses a multidimensional data structure to manageservice offerings from multiple service providers to each of one or moremobile terminals, and wherein the mediator server identifies the serviceofferings from multiple service providers by varying a reply address forsending the notification.
 10. The method according to claim 6, whereinthe mediator server uses a multidimensional data structure to managemultiple phases of at least one service offering from at least oneservice providers to at least one mobile terminals, and wherein themediator server identifies the multiple phases by varying a replyaddress for sending the notification.
 11. A method comprising performingfollowing acts at a service provider computer: receiving informationindicating that a holder of a specific payment card may authorizerecurring payments for one or more services provided by a serviceprovider in charge of the service provider computer; sending, to amediator server, a proposal fora service that incurs recurring paymentspayable by the specific payment card; receiving from the mediator serveran acceptance notification indicating that the holder of the specificpayment card has used a mobile terminal via a mobile network toauthorize recurring payments to the specific service provider.
 12. Apayment processor computer configured to manage transactions related toone or more services provided by one or more service providers andpayable by one or more payment cards, the payment processor computercomprising: means for receiving a first request to authorize recurringpayments payable by a specific one of the one or more payment cards, thefirst request globally identifying the specific payment card; means forcreating a token that identifies a specific one of the one or moreservice providers, wherein the token fails to globally identify thespecific payment card but identifies the specific payment card withinpayment cards issued to a holder of the specific payment card; means forsending the created token to a mediator server; means for receiving fromthe mediator server an acceptance notification indicating that theholder of the specific payment card has used a mobile terminal via amobile network to authorize recurring payments to the specific serviceprovider.
 13. The payment processor computer according to claim 11,wherein the payment processor computer complies with specificationsissued by Payment Card Industry Security Standards Council, while themediator server operates outside said specifications.
 14. A mediatorserver configured to manage transactions, which relate to one or moreservices provided by one or more service providers and are payable byone or more payment cards, the mediator server comprising: means forreceiving, from a payment processor computer, a token that identifies aspecific one of the one or more service providers, wherein the tokenfails to globally identify the specific payment card but identifies thespecific payment card within payment cards issued to a holder of thespecific payment card; means for receiving, from the specific serviceprovider, a proposal for a service that incurs recurring paymentspayable by one or more payment cards; means for sending a notificationto a mobile terminal operated by the holder of the specific paymentcard, wherein the notification identifies the proposal for the servicethat incurs recurring payments, wherein the notification furtheridentifies the specific payment card within payment cards issued to theholder of the specific payment card; means for receiving, from themobile terminal operated by the holder of the specific payment card, anacceptance notification indicating that the holder of the specificpayment card has used the mobile terminal via a mobile network toauthorize recurring payments to the specific service provider; means fornotifying the service provider and the payment processor computer of theacceptance notification.
 15. The mediator server according to claim 14,wherein the mediator server is configured to authenticate the mobileterminal operated by the holder of the specific payment card by using anon-predictable reply address for sending the notification.
 16. Themediator server according to claim 14, wherein the mediator server isconfigured to use a multi-dimensional data structure to manage serviceofferings from multiple service providers to each of one or more mobileterminals, and wherein the mediator server identifies the serviceofferings from multiple service providers by varying a reply address forsending the notification.
 17. The mediator server according to claim 14,wherein the mediator server is configured to use a multi-dimensionaldata structure to manage multiple phases of at least one serviceoffering from at least one service providers to at least one mobileterminal, and wherein the mediator server identifies the multiple phasesby varying a reply address for sending the notification.
 18. A serviceprovider computer, comprising: means for receiving informationindicating that a holder of a specific payment card may authorizerecurring payments for one or more services provided by a serviceprovider in charge of the service provider computer; means for sending,to a mediator server, a proposal for a service that incurs recurringpayments payable by the specific payment card; means for receiving fromthe mediator server an acceptance notification indicating that theholder of the specific payment card has used a mobile terminal via amobile network to authorize recurring payments to the specific serviceprovider.
 19. A tangible software carrier embodying a set of computerprogram instructions executable in a mediator server configured tomanage transactions related to one or more services provided by serviceproviders that comprise a first service provider and a second serviceprovider, the transactions being payable by one or more payment cards;wherein execution of the computer program instructions causes thefollowing acts in the mediator server: receiving, from a paymentprocessor computer, a token that identifies a specific one of the one ormore service providers, wherein the token fails to globally identify thespecific payment card but identifies the specific payment card withinpayment cards issued to a holder of the specific payment card;receiving, from the specific service provider, a proposal for a servicethat incurs recurring payments payable by one or more payment cards;sending a notification to a mobile terminal operated by the holder ofthe specific payment card, wherein the notification identifies theproposal for the service that incurs recurring payments, wherein thenotification further identifies the specific payment card within paymentcards issued to the holder of the specific payment card; receiving, fromthe mobile terminal operated by the holder of the specific payment card,an acceptance notification indicating that the holder of the specificpayment card has used the mobile terminal via a mobile network toauthorize recurring payments to the specific service provider; notifyingthe service provider and the payment processor computer of theacceptance notification.